ClawHub

macos-security-scan

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local macOS security scanner that runs read-only checks and saves a local report, with no evidence of exfiltration or destructive behavior.

Install only if you want a local Mac security scan and are comfortable saving a system-inventory report on your Desktop. Prefer running without sudo first; use sudo only if you understand it may reveal more private system permission and network details in the report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares only a general 'permissions' note in metadata, but its workflow explicitly invokes a shell command and writes a report to the Desktop. This creates a capability/permission mismatch that can mislead reviewers and users about what the skill will actually do, reducing informed consent and making misuse of shell/file-write behavior harder to detect.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The activation guidance is very broad and instructs the agent to 'always use this skill' for generic Mac safety questions, which can cause the skill to trigger in situations where the user only wanted advice, not local command execution or report generation. Overbroad triggering is dangerous because it increases the chance of unnecessary shell execution and requests for elevated privileges in benign conversations.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- The scan takes about 30–60 seconds.
- A report file will be saved when done.

Ask: "Ready to run the scan? And do you want to run it with sudo for deeper
results, or without sudo to keep it simple?"

### Step 2 — Run the scan script
Confidence
71% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- A report file will be saved when done.

Ask: "Ready to run the scan? And do you want to run it with sudo for deeper
results, or without sudo to keep it simple?"

### Step 2 — Run the scan script
Confidence
89% confidence
Finding
sudo

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal